Merge "Improve "OVSFirewallDriver.process_trusted_ports"" into stable/queens

This commit is contained in:
Zuul 2020-02-26 17:58:54 +00:00 committed by Gerrit Code Review
commit eaf7535840
2 changed files with 25 additions and 9 deletions

View File

@ -510,6 +510,9 @@ class OVSFirewallDriver(firewall.FirewallDriver):
raise exceptions.OVSFWPortNotFound(port_id=port_id) raise exceptions.OVSFWPortNotFound(port_id=port_id)
return ovs_port return ovs_port
def get_ovs_ports(self, port_ids):
return self.int_br.br.get_vifs_by_ids(port_ids)
def _get_port_vlan_tag(self, port_name): def _get_port_vlan_tag(self, port_name):
return get_tag_from_other_config(self.int_br.br, port_name) return get_tag_from_other_config(self.int_br.br, port_name)
@ -671,8 +674,10 @@ class OVSFirewallDriver(firewall.FirewallDriver):
def process_trusted_ports(self, port_ids): def process_trusted_ports(self, port_ids):
"""Pass packets from these ports directly to ingress pipeline.""" """Pass packets from these ports directly to ingress pipeline."""
ovs_ports = self.get_ovs_ports(port_ids)
for port_id in port_ids: for port_id in port_ids:
self._initialize_egress_no_port_security(port_id) self._initialize_egress_no_port_security(port_id,
ovs_ports=ovs_ports)
# yield to let other greenthreads proceed # yield to let other greenthreads proceed
eventlet.sleep(0) eventlet.sleep(0)
@ -752,9 +757,14 @@ class OVSFirewallDriver(firewall.FirewallDriver):
ovs_consts.ACCEPTED_EGRESS_TRAFFIC_NORMAL_TABLE) ovs_consts.ACCEPTED_EGRESS_TRAFFIC_NORMAL_TABLE)
) )
def _initialize_egress_no_port_security(self, port_id): def _initialize_egress_no_port_security(self, port_id, ovs_ports=None):
try: try:
ovs_port = self.get_ovs_port(port_id) if ovs_ports is not None:
ovs_port = ovs_ports.get(port_id)
if not ovs_port:
raise exceptions.OVSFWPortNotFound(port_id=port_id)
else:
ovs_port = self.get_ovs_port(port_id)
vlan_tag = self._get_port_vlan_tag(ovs_port.port_name) vlan_tag = self._get_port_vlan_tag(ovs_port.port_name)
except exceptions.OVSFWTagNotFound: except exceptions.OVSFWTagNotFound:
# It's a patch port, don't set anything # It's a patch port, don't set anything

View File

@ -760,15 +760,21 @@ class TestOVSFirewallDriver(base.BaseTestCase):
self.firewall._remove_egress_no_port_security('foo') self.firewall._remove_egress_no_port_security('foo')
def test_process_trusted_ports_caches_port_id(self): def test_process_trusted_ports_caches_port_id(self):
self.firewall.process_trusted_ports(['port_id']) vif_port = ovs_lib.VifPort('name', 1, 'id', 'mac', mock.ANY)
self.assertIn('port_id', self.firewall.sg_port_map.unfiltered) with mock.patch.object(self.firewall.int_br.br, 'get_vifs_by_ids',
return_value={'port_id': vif_port}):
self.firewall.process_trusted_ports(['port_id'])
self.assertEqual(1, len(self.firewall.sg_port_map.unfiltered))
self.assertEqual(vif_port.ofport,
self.firewall.sg_port_map.unfiltered['port_id'])
def test_process_trusted_ports_port_not_found(self): def test_process_trusted_ports_port_not_found(self):
"""Check that exception is not propagated outside.""" """Check that exception is not propagated outside."""
self.mock_bridge.br.get_vif_port_by_id.return_value = None with mock.patch.object(self.firewall.int_br.br, 'get_vifs_by_ids',
self.firewall.process_trusted_ports(['port_id']) return_value={}):
# Processing should have failed so port is not cached self.firewall.process_trusted_ports(['port_id'])
self.assertNotIn('port_id', self.firewall.sg_port_map.unfiltered) # Processing should have failed so port is not cached
self.assertEqual(0, len(self.firewall.sg_port_map.unfiltered))
def test_remove_trusted_ports_clears_cached_port_id(self): def test_remove_trusted_ports_clears_cached_port_id(self):
self.firewall.sg_port_map.unfiltered['port_id'] = 1 self.firewall.sg_port_map.unfiltered['port_id'] = 1